[00:36] The National Cybersecurity Alliance

Petko: We're going to talk about something that I think impacts all of us, but we don't want to admit it sometimes.

Rachael: Yes, exactly. It's kind of living life in a bubble sometimes is not a good thing. Let's jump right to it. Let's welcome to the podcast Jennifer Cook, she's senior director of marketing at the National Cybersecurity Alliance. 

Jennifer: Hi. Thank you for having me.

Rachael: Let's start at the top. For some people they may not know the great work that the National Cyber Security Alliance does, particularly National Cyber Security Awareness Month. I think it is actually a global initiative. You've got a lot of partners. Tell us how that is.

I'm sure it's been blowing up particularly in the last five years or whatever since we've been seeing much more focus on cybersecurity at the presidential level, at the administration level.

Jennifer: Absolutely. The National Cybersecurity Alliance is a nonprofit organization. It's our mission to make sure everybody has access to free, easy-to-understand resources about cybersecurity and about staying safe online. We've actually been around for over 20 years at this point, always focus on that mission of cybersecurity awareness and education, but we have absolutely seen interest in it explode over just the past even two or three years.

 

Leading the Cybersecurity Awareness

Jennifer: We co-lead cybersecurity awareness month every year with CISA. We work with a lot of partners around the world, we call them our champions. They sign up to receive our resources and promote those resources to their employees and their communities.

Just this past October during cybersecurity awareness month, we had almost a 100% increase in the number of registered partners. 

These people signing up to receive and distribute our information, they came from organizations representing over 120 different countries. That is a huge increase in the amount of interest in partnerships we've seen compared to the rest of the campaign.

It was really exciting to see different partners, different people from such a variety of organizations as well, schools, higher education, government, organizations, nonprofits, so many different industries just across the board getting involved and getting interested in cybersecurity.

Rachael: We've talked about this on the podcast. Petko has younger children, too. Just the access to technology at these really young ages and just trying to be aware of how you live your life online, particularly when that's all you've known. That kind of awareness, particularly for cyber careers.

That's really exciting, the great work that you guys are doing there. 

This time of year there's a lot of opportunities for cyber scams. Now this is what makes it so interesting I think for this world that we live in cyber or as an industry.

There's always new ways in and I think romance cyber scams where Valentine's Day is upon us is a nice jumping-off point for a lot of the things that we're seeing, that really do impact consumers. And you know, guys recently wrote a blog post I saw on your website just about this topic and just how prevalent it is.

 

[04:15] Romance and Online Dating Cyber Scams

Jennifer: We just came out with some new information about romance and online dating scams. We also have a toolkit available for anyone who wants to share resources again in the organizations. Romance cyber scams happens year round. We take this opportunity around Valentine's Day to talk about it especially.

Maybe people are going onto their dating apps or websites looking for love a little bit more than they did the rest of the year. It's just a good opportunity to talk about how prevalent these cyber scams can be and what to look out for. What to do if you spot a scam or if you find yourself kind of hooked into a romance scam?

Rachael: I was really surprised, I was looking into this. It was 1.3 billion in losses due to romance scams last year according to the FTC. This is the total of the previous five years combined just last year. You're seeing that, and that's only what's been reported is the other piece of it. That's staggering. What are some of the tips that you have been sharing with folks,

Jennifer? It's easy to get caught up sometimes. Differentiating between that genuine person versus not.

Petko: What's a romance scam? I struggle to figure out what it is. Can we define it first? When I hear a 1.3 billion, I'm like, I don't have 1.3 billion. Who's scamming who for 1.3 billion? Let's define the romance scam because I'd love to understand what it is. Cybersecurity's got so many challenges. Now we're adding the human side of it. I want to make sure. What are some of the stories that you typically see that folks are worried about and what's the process that this happens?

 

More Than the Typical Nigerian Prince Cyber Scam

Jennifer: Romance scams have been around for quite some time. I think especially the general public might hear about them and think about maybe the Nigerian prince scam. Someone sending you a random email saying, "I need help. I'm a prince, please send me money."

We all know that is a scam. It's very obvious. But I think there might still this be this perception that that's what romance scams look like, that they're very easy to spot, to click delete right away. 

Romance scams can be incredibly complex. Say you might be on a dating website or an app, maybe it's social media and you're looking for love. You're talking to people throughout the day trying to make connections and romance scammers are also on these platforms.

They might create a fake profile on this site. You strike up a conversation with them and it might not always be obvious that you're talking to a scammer. Sometimes it is right off the bat if they're asking for money. You might ignore the conversation and report the conversation.

Romance scammers have gotten so complex and very hard to spot. These scammers really try to connect with you in this conversation. They want you to feel that emotional connection to them.

They want you to fall in love with them through these platforms and then you might start to spot some of the red flags. Maybe they're saying they're going to come visit you and breaking those promises.

I think the biggest and most common red flag, is if they start asking for money, especially something that's for something urgent. Maybe a medical expense, maybe it's a plane ticket to come and see you. They want you to act without thinking to send them money.

Jennifer: So that is really the biggest red flag of these cyber scams is a request for money, especially if it's one through, they want you to send preloaded gift cards, wire transfer, cryptocurrency. So scammers will strike up a relation with someone on the dating platform, build trust. They might chat with you for multiple days or weeks or months before they make their first move and ask you for money or send you a sad story about why they need help. And that's how people get roped in.

Rachael: It sounds like a lot of work, for depending on what you're getting out of it too. But I wonder about things like AI though.

Does that start making these kinds of cyber scams easier to execute, meaning less human direct touch of the type and response or I think of a ChatGPT, everyone's talking about that. But is this becoming something that's almost automated for them to do when we think about all this introduction of AI?

So you could have theoretically like a thousand of these cyber scams happening at the same time and then you're waiting to see which one you're like, "Oh, I'm ready to pounce." I don't know.

Jennifer: Yes, I think a lot of, even before AI, these scammers use a lot of the same language and tactics. I think the ones that are really trying to hook someone in for the long run are trying to say exactly what that person wants to hear.

Rachael: Yes, I think, too. Petko knows, he's probably sick of me talking about TikTok. I'm kind of obsessed with TikTok right now and what you put on.

 

Be Aware of Information You Put Online

Rachael: I have dogs. You'd see I'm an animal person. I could imagine someone coming on strong like, "Hey, I'll be your friend." That kind of thing. It's just interesting that everything you put out in the world now, you really have to be suspicious of everything. I almost feel like innocence is lost.

Jennifer: That is one of our top cybersecurity tips for people, especially people on dating apps. Set your social media profiles to private. Think about what you're posting on social media and who's going to see it.

If you're posting photos of you and your dog, that might be an opportunity for someone to look at your social media profile, reach out on a dating app and say, "Hey, you have a border collie, so do I."

They make that connection point and that's how they get in.

Petko: I think in the government, they have this concept called operational security or OPSEC. It's that exact same thing. Be aware of what you put out in terms of information. If someone's using that exact same public information to befriend you or strike up conversation, be a little bit more aware of it because it is public. Don't assume it's private.

Rachael: That's a really good point. I guess a tangential scam, it's not the actual act of pig butchering, but legit who comes up with the pig butchering name scam. This is where it gets me a little nervous because I'm all about the text messaging. Someone ostensibly text messages you purportedly,

"Oh I'm so sorry, I've got the wrong number, but while I've got you," and that seems to be coming another pathway in. Kind of direct route, if you will.

 

[12:09] Pig Butchering Cyber Scams

Jennifer: This isn't exclusive to online dating. This could happen on social media, WhatsApp, texting platform. Someone might text you and say, "Oh sorry, wrong number." But saying, "While I have you," they try to a start of friendship through text.

They're not going to just jump right into the send me money. 

Typically in pig butchering cyber scams, a scammer might reach out again making an emotional connection with someone really trying to connect with them. The person on the receiving end feels like they know this person. They're friends, they're becoming very close.

Eventually, the scammer might bring up an opportunity for an investment, like a moneymaking opportunity. That's where the cyber scams come in. I think they call pig butchering because they're trying to fatten up the pig, get them involved in this investment scam and eventually send them as much money as possible.

Petko: I had an interesting one that was related to this. Random text message from a number I didn't recognize. But they signed it as someone I personally knew, someone I've met before. They pretended to be someone I was connected to on LinkedIn.

At first they're confirming, "Hey, this is my new number, is this Petko?" I'm like, "Yes it is." Thinking I know who they are. Later on they say, "Hey, can you do me a favor?" I'm like, "What is it?" And then he is like,

"Hey, I'm stuck in this board meeting," or something very specific to this individual. "Go to the store and give me a gift card." I was like, okay, that's a scam.

I just blocked them immediately. You can buy gift cards online. This buddy of mine is not going to ask me to go to the store and get a gift card.

 

Be Careful of Who You’re Connecting With

Jennifer: It's another interesting point, thinking of LinkedIn, also being careful who you're connecting with on social media. Some of us on LinkedIn, we get a request and we just add the person. Think about if you really know that person or is that person going to use you to make a connection with someone else saying like,

"Hey, I know Petko that's going to get me in with Rachael if we're a connection." So just also being careful who you're sharing your profile with, who you're connecting with on social media.

Petko: I just thought it was unique that they used LinkedIn. They somehow got my cell phone number then pretended to be someone. They've got some data mining system in the background that's probably looking through names and finding them and then giving data out.

Rachael: Yes, there's apps. I was reading in one of the articles, think it was like CDNet, that there's apps in the Apple and Google app stores. They somehow sneak through, these pig butchering apps. So, isn't that crazy to facilitate said activities? 

Another big one I want to talk about and including LinkedIn as well are job scammers. We are reading all about these layoffs across these different industries right now, and this was the one I think that really breaks my heart the most.

Just for people who they need a job, they need to feed the family and people take advantage of folks legitimately looking for a job and finding ways to ask them to pay for, I don't know, like an application fee or something. I mean are you guys seeing more and more of this, Jennifer, your side?

 

[16:00] Think Before You Click

Jennifer: We are, yes. Actually we also just came up with a blog post on this topic too. And similar to romance scams and other types of cyber scams, people are reaching out to those at vulnerable points, whether they're looking for love or they're looking for a job. It's a very stressful time.

You might be communicating with a lot of different people at once sending in applications or sending personal information through applications. So we are seeing scammy jobs posted. They might ask for an application fee, they might ask you to send personal information. Say a social security number or other information to apply for the job or to move forward in the process.

So we always tell people with those to make sure you're thinking before sending any. First off, don't send any personal information over email.

Think before you're clicking on links, especially if someone is sending you an email or a message in a job search platform. Always think before you click, do your research on the company that's reaching out to you as well. And if you're applying to a job, they're not going to ask for an application fee. Yes, that's a cyber scam.

Rachael: Some of the stuff too seems so simple. You're like, why would I ever fall for that? But you also think in the moment, to your point, this vulnerability, it seems to be this recurring theme. We saw it particularly with COVID, right? Everyone taking advantage of an epidemic in order to try to scam people. And it's just kind of fascinating.

You don't realize, I guess as humans just how vulnerable we are and on the right day they could be successful.

 

Don’t Let Your Guard Down

Jennifer: We use technology all day and we all let our guards down at some point. There's also a rush, especially when we're working, responding to emails to get it done, to cross an email off the list just to click without thinking of it. Scammers are bidding on that you will just click the link in the email without thinking about who is this coming from, what's the email address?

And you see that especially with just kind of general phishing attempts in your inboxes, it's using a sense of playing on your emotion or using a sense of excitement or urgency. You saw that during COVID. Urgent click here to get your vaccine or trying to get you to click on something as quickly as possible.

Petko: Yes, it's interesting. They've moved from email to a lot more text messaging lately and in this hyper-connected world either you're on the road or you're connected constantly. You're sometimes responding without thinking via text message. Or I'm just thinking through,

"Hey, sign up for this lottery or fill out this form because of this settlement that you might have seen." And next thing you're giving them your social and then they take that data and mine you elsewhere. And I think we've all been taught be careful with email scams, but I think we got to keep that in mind with text messaging.

Jennifer: Yes. I think we're also just receiving a lot more through text messages. You might receive an order confirmation if you're placing an Amazon order or maybe you expect to receive text messages with a multifactor authentication code. I think we're kind of more used to clicking on those messages and we expect to see those messages so it's easier for others to slip by.

 

Better Safe Than Sorry

Rachael: That's where I struggle because they never come from FedEx. I love the FedEx updates and text. But when you look at the text message number, it's a weird number to begin with. How do I validate? I want to click it so bad. What do I do instead?

What is next with the texting then? Just as you would access an application or a website, now is it MFA? How do you validate that text? Or you now just assume all texts are bad and I have to go to FedEx and type in the 89 character tracking number. And hope I don't get one of the letters wrong versus just being able to click the link?

Jennifer: There are some things you can still look out for with a text message. If something is coming through on a thread, you've received other texts from FedEx, I think it's pretty safe to assume that's the same number. If it's one that's popping up with no other thread, those can be legitimate.

Sometimes you get a text from FedEx and it's coming from a very weird number, but that is how FedEx is trying to contact you. I mean I think it's better to be safe than sorry. 

Personally, I try not to click those links. I do go onto FedEx or see if they sent me an email where it might be a little easier to verify where that URL is going to bring me. So I try to get both the email and the text updates.

But as much as possible if I can go to type in the web address on my browser without clicking on anything and look up the information that way, that's what I try to do.

 

Apped Out

Petko: I'll tell you, I'm actually impressed with FedEx and UPS's apps and the apps work so well I don't even need the text messaging.

Rachael: Yes, that's a good point. But just how many apps are you going to have on your phone? I'm kind of apped out Petko. You know how many scrolling I have to do to find apps on my phone. I mean I love the app experience, but they're all separate and they all require separate authentication and all the other things.

Petko: Rachael, you and I have a little training session on maybe getting rid of some of those cat and dog apps and all those other ones I'm sure. But you could always say, "Hey Siri, hey Google, open up this app." Or delete some apps maybe.

Rachael: But you never know. Is app hoarding a thing? You never know when you're going to need that app. And what if you can't download it at the moment? That's going to be the next reality series, app hoarders. Hilarious. 

I do want to kind of segue though here because I think in the grand scheme of all of this, the thing that I struggle with the most and you hear about, there was this wonderful Netflix series called Web of Lies. They kind of featured, I think it was four or five different stories and we had one of the producers on months ago, Brian, he was amazing, but it's the legality.

How do you prosecute a lot of these things? And one of the stories they featured in this particular series was on sextortion, these high school girls caught up in the sextortion.

 

[23:23] Prosecution of Cyber Scams

Rachael: It turned out to be this fellow that they knew and went to school with. He was friends with one of the girls and she was crying to him about what was going on and it was almost impossible to prosecute him. I mean the girls finally got real creative and figured out a way to track it back to him and had to work together. But thank goodness they knew each other and were able to work together otherwise he never would've been prosecuted. And that seems to be a recurring refrain for cyber scams. Are you guys hearing a lot about that too?

Jennifer: We are. I think for scams and for romance scams, they often cross countries across international borders, which makes it very complicated. Whose responsibility is it to prosecute? Is it someone maybe in the US that's getting scammed or is the scammer coming from another country?

Whose responsibility is it? So we always encourage people to report, but it can be very complicated. Our advice, the best thing you can do is report to the platform, the US Secret Service, the FBI are working with victims of cyber scams all the time to help them to try to prosecute these cases. But it can be very complicated.

Rachael: Because I imagine these things move with such speed too and like to your point, they're complex. I mean you're dealing with probably different countries and with different laws and I imagine it'd be really difficult for even local law enforcement. I mean the FBI, they're working with this, but a lot of times you go to local law enforcement to see how they can help. It's almost like is there training available to help with tools and resources for these kinds of things?

 

Cyber Scams and Local Law Enforcement

Jennifer: It's really tough. Local law enforcement, they don't always have the resources or the education to know how to help with these cyber scams. It's not like they all have cyber divisions. That's why it is important to report to federal agencies as well as report to the platform so they can direct you to the right place. We tell people to report to local law enforcement as well. That is something that as an industry we need to work on making sure that local law enforcement has the resources they need to help victims. They might be the first point of interaction for a victim. The first place they go when they come across cyber scams.

Rachael: Yes, that would be your first thought. It's so complex and moving so quickly. How do you even keep up with it? It seems like a need. But curriculum wise, just as soon as you would learn about one thing, then this other thing comes up. It’s like a never-ending hamster wheel. How do you address that?

Jennifer: Yes, it's tough. That's a great idea for our next project. But it is interesting to think about when the average member of the general public is the victim of a cyber attack, thinking about where are they going to go, where are they going to look for resources? So local law enforcement, there are people that also go to their libraries or community centers to ask for help or maybe bring their laptop in. 

I think it's important for the National Cybersecurity Alliance, our organization, and for other organizations to understand where people are going and to make sure that those community leaders have the right resources to help members of their community.

 

[27:30] Tax Fraud Scams

Rachael: As we come into tax season, which is my least favorite time of year, but now there's also tax fraud scams. So how do these work, Jennifer? Because this is my biggest concern. I probably shouldn't even say this, but I do all my taxes online. I shouldn't say that out loud. So what do you look out for with those? Because that's coming up here soon. Tax deadlines.

Jennifer: Most people do file their taxes online. It's hard to avoid being online and filing your taxes. So for tax time, of course watching out for scams that are specific to tax time, the big one is anyone that's emailing or texting or calling to claim to be from the IRS saying that you owe them money, threatening you, again, using that sense of urgency.

Or saying, "Oh, here's your tax refund, click this link to get it." That's never how the IRS is going to contact you. So that's a big one to look out for. We tell people also just file your taxes early too, to prevent anyone from trying to file taxes in your name to prevent identity theft as well. Filing early can help prevent that.

We do have also resources for reporting to the IRS. You can report tax fraud, you can report phishing scams related to taxes, to reporting to the FTC as well. But tax time is complicated. It is again, a very stressful time and that's why scammers are going to try to take advantage of you during this time. You're very stressed out, you just want to get it done quickly. So it's important to be prepared for tax time.

 

Register Your Account on the IRS Website

Jennifer: If you work with a tax preparer, do your research, understand how you're going to communicate with your tax preparer. Should you expect emails from them, do they have a safe way for you to send them documents? Not all of them do. Sometimes they just ask you like, "Okay, send me an email with all of your most personal information. I'll take care of it from there." Or understanding if you're working at a firm who's going to have access to your data, this is very sensitive information. So I think especially even before you start filing your taxes, getting those questions out of the way, making sure you're working with the right person, knowing how to securely send documents, backing up your documents are really important.

Petko: I know the IRS has got a great form out there, actually not form, but really like a list of checklists for tax professionals say, how to communicate, how to do backups because God forbid your tax professional loses your data or just delete it accidentally or whichever.

But one thing I found that helps a lot from an identity theft standpoint is on the IRS website, if you have not done this already, make sure you go and actually register and create your account. Because what can happen is someone can pretend to be you register and then request transcripts electronically without even you knowing it. 

So you should definitely make sure you're registered on IRS's website, social security website because you wouldn't want someone else pretending to be you and changing the address on the backend without you realizing it.

 

Protect Your Identity From Cyber Scams

Jennifer: When you go on and register, they give you an Identity Protection (IP) PIN so that if something happens, your PIN is only known to you and the IRS, it helps verify your identity when you file your taxes. So then it makes it easier to work with the IRS to recover your identity if something happens.

Petko: You don't just need to submit through TurboTax or whatever software you're using, you could also go on the IRS, register your profile, get the right PIN, and then use that in TurboTax going forward.

I think there was an article I read years ago that recommended doing that and there was literally identity theft that hit the IRS because of that. And that's why they started doing the PINs. And then social security was the other one that got hit pretty hard with that same concept. So if you got government websites that you actually do business with, either IRS, social security, or even your local state, just make sure you register with them. Make sure you're managing that so that someone else doesn't take ownership of it pretending to be you.

Rachael: Yes, it's so scary and it's so hard from everything I've read, it's so hard to get your identity back once people take it over. It's crazy what it takes to get it back.

Petko: I don't know about you Rachael. I think I've got more identity protection I can ever imagine.

Rachael: I do. Well particularly because of all the breaches that have happened. So then you get all the things, it's kind of wonderful.

 

[32:12] Protect Yourself From Cyber Scams with Password Managers

Petko: I've had them all. Who's on first is the question. If something did happen, who pays first? And I think that's going to be the problem we're going to have next.

Rachael: Exactly. I do want to get to, I think we're mindful of time, but one final favorite topic of mine that I have yet to embrace, and I'm sure you use these Petko, are password managers. LastPass, everyone's on the LastPass. I saw there was a breach, but Jennifer, you guys actually had a blog post. I was so fascinated you guys had a blog post on this exact topic. As I was starting to think, should I embrace a password manager, what is it that you guys recommend?

Jennifer: We do recommend password managers. So we actually, we have a report that comes out every year on cybersecurity attitudes and behaviors. And we ask people how do they manage their passwords? The most popular answer was writing them down in a notebook, which to me that's like a lot of work. Other popular answers were storing them on your phone like in a notes app, in an email or a spreadsheet.

But there are a number of people that do use password managers. They're becoming very popular. And there was the LastPass breach a few weeks ago. But it is a form that we highly recommend because it's so important to have those strong, unique passwords, long passwords. It's so hard to remember them, you can't remember all of those. We have so many hundreds of accounts, like it's too hard to manage writing them all in a notebook. 

 

Password Managers + Multifactor Authentication vs. Cyber Scams

Jennifer: Password managers are really the best way to manage that. And in a lot of these breaches, it's very rare for someone's password to get leaked. It might be other data. And it's important also in case that happens, having multifactor authentication set up on your account. So then if someone gets that password stored in a password manager, they still can't get into your account. So we recommend password managers. A lot of them also have a lot of other features that tell you if your password wasn't a breach, like telling you if you have repeat passwords. There are just so many great security benefits of using a password manager that we highly recommend them.

Petko: I've been using it for years. I actually got my whole family on it, the wife, the mother, and I trained my mother, to have a unique password for every single website. So it's taken probably over a decade. But the great thing is now she can go to the website, click, it logs in for her. She doesn't have to think about it. So it's something I think that we underestimate, using a long password. 

Because the flipper is if you have the same password for every single website, it just takes one breach. So password managers are really all about reducing your tech surface. So different use names, different passwords. I've done it all I think at this point to make it simple for myself to manage, but I'm a big, big fan of password managers. I mean, I know the browsers have plenty built into them as well, but I use third parties because I can use it on my phone, my iPad, and even in various computers without having to worry about it.

 

Monitoring Against Potential Breach

Jennifer: I think it's especially great for families too, because you can securely send passwords to other people in your family instead of sending them a text with what's the Netflix password? You can send them a secure encrypted message.

Petko: I think to your point, the password managers aren't just for passwords. I think people underestimate that. They're doing more than that now. I mean they're doing dark web monitoring to say, "Has this been breached? Should you be aware of it? Hey, this password, we don't know what the password is, but the hash of this looks really similar to this other thing. We think you should change it."

It tells you which ones have been breached. And that is huge that I think when you've got that preventative mechanism to say, "This password has been reused, let's go ahead and change them on these websites for you." Some will actually help you.

Rachael: Oh, that's wonderful. Sometimes you're on websites and they're kind of sketch, but you want to watch a movie maybe if it's not available anywhere else. I have a friend, he sends me, because he knows I love international movies and they're not always easy to find. And there's this one called MovieBerry and it's hilarious.

You pay 7 cents for an iPhone recorded movie, which is completely illegal by the way. I acknowledge that. I don't watch them, but it's just funny that there's all these things out there. And so he's always sending me these sketch apps like, "Oh hey, you can watch your favorite Korean thrillers on this one."

 

[37:26] The Cybersecurity Industry

Rachael: I use my mom's (Netflix) password. It's been like 15 years too. I'm not ashamed. I'm going to ask her to upgrade her subscription so as to keep doing that. 

Petko: Same household, right?

Rachael: It sure is just different IP addresses, but the same house. Can't believe I'm in cyber some days. I’d love to ask people though, how did you get into this world? I love cyber, I was so excited to find this industry years ago. And I want more people to come to it. You could be a psychologist and come into security and bring such a great perspective. How did you find your way here?

Jennifer: I've been in the world of cybersecurity for a little over five years since I started at the National Cybersecurity Alliance. It's not where I expected to end up. My background was in marketing, events, and nonprofit work. The combination of those three, I was able to apply to cybersecurity, to my surprise, and apply to cybersecurity education. A lot of the way we talk about cybersecurity in our articles is marketing cybersecurity, trying to get people's attention.

I've become very passionate about the human element of cybersecurity. Talking to people and employees and using that marketing knowledge to get the messaging to resonate, which has been really exciting. It's something we talk about a lot when we talk about cybersecurity careers is that you don't have to just be super technical, good at science or coding. There are many different jobs that require different skill sets, hard and soft skills. We have a program for college students about cybersecurity careers. It's open to all majors.

You can be in business, communications, psychology, legal studies. There is a role for you to play in cybersecurity. There is a career for you.

 

Making Cybersecurity a Habit

Rachael: I wonder too, I mean at some point, because particularly when you look at business, I mean cybersecurity is inherent in any kind of business operation plan today. It permeates literally every aspect of our personal and professional lives. And so I wonder at some point, does it just become integrated into everything we do and we don't actually have cyber careers.

It just becomes a skill that everybody has at some point in time. And maybe that's in the next 10 years or something like that. But I think that would be wonderful. And it's the education, Jennifer, the great work that you guys are doing to help people realize it's not this scary esoteric thing. It's actually something that everyone can contribute to. And the more we all learn, the smarter we can be, some of us later than others. 

Jennifer: And we compare it also to talking about the habits we take on in terms of physical security. There was a time where people had to get used to clicking their seatbelt and we want cybersecurity behaviors to become as easy as that. People don't even think about that anymore.

It's click it or ticket. You always hear that messaging. People just do it now and we want it to be the same way with, you go online and you make sure your browsers are up-to-date or you set up multifactor authentication when you create a new account. I think these are just new ideas that as the general public we have to get used to and we have to bring them into our daily habits.

 

October Is National Cyber Security Awareness Month

Petko: Definitely. Jennifer, thank you for helping educate everyone on this and actually bring the human side of cyber to it and simplifying this because we definitely have a pipeline issue in cybersecurity. We don't have enough people, we need folks starting earlier to help them get up to speed and understand. And honestly, it takes a nation, it does. It's not just one vertical like cyber. So thank you.

Rachael: Looking forward to October this year, another great national cyber security awareness month. I love it. We've participated those in the past and they've been really great. And especially the Twitter conversations, the real-time Twitter conversations. Love those. So thanks again Jennifer for joining us this week. This has been a lot of fun. These are all my favorite topics.

And to all of our listeners, Petko, you know what I love to say. We're going to smash the subscription button so you get a fresh episode in your email inbox every single week. So everyone thanks for joining us this week. Until next time, stay safe.

 

About Our Guest

 

Jennifer Cook is the Senior Director of Marketing at the National Cybersecurity Alliance (NCA). Sheleads the development and coordination of NCA’s growing suite of campaigns and programs, including Cybersecurity Awareness Month and Data Privacy Week. She joined the National Cyber Security Alliance in 2017 and holds a degree in Marketing from Drexel University.